[syslog-ng] DNS and hosts

Hari Sekhon hpsekhon at googlemail.com
Thu Sep 28 17:58:32 CEST 2006 

thanks, I'll look into that... it seems to be a standard thing that I 
have never used or noticed before....

-h

Hari Sekhon



Evan Rempel wrote:
> First, we have two DNS servers, so one can be down without any change 
> in service.
>
> Second, I just run the name service caching deamon (nscd) and 
> configure it for whatever
> cache name timeout that I want. This does not help with syslog 
> messages that come from
> a host that does not have an entry in the name cache such as a new 
> host, but it
> works for me.
>
> Evan.
>
> Hari Sekhon wrote:
>> I have a logserver with a mysql back-end and php-syslog-ng front-end.
>>
>> I was doing some work on DNS (migration to another machine, another 
>> version) yesterday and it was down for a little while. I noticed 
>> today that in the logserver interface I have loads of ip addresses 
>> instead of hostnames.
>>
>> So I had to go through and change the fields for all those hosts 
>> manually, which was quite annoying. In order to stop this from 
>> happening again I was wondering what steps I could take.
>>
>> My logserver conf options section is as follows:
>>
>> options {
>>    chain_hostnames(off);
>>    sync(10);
>>    stats(43200);
>>    keep_hostname(no);
>>    use_dns(yes);
>>    dns_cache(yes);
>>    create_dirs(yes);
>>    log_fifo_size(5000);
>> };
>>
>> If I change keep_hostname() to yes will I still get validation via 
>> dns or not? I think not judging from the docs. I was wondering if 
>> perhaps it would use dns and if unavailable it would use the name 
>> from the logs. Wishful thinking?
>>
>>
>> On a DNS front, I was wondering if I could just copy a hosts file 
>> with all the dns names in it to the /etc/hosts of the linux system 
>> running the logserver. Would this work? Would syslog-ng obey the 
>> nsswitch of the linux system and use the hosts file first? Or does it 
>> have to do a dns request when use_dns(yes) is the options{}; ?
>>
>> This way, I'll never have this problem again if I need to fiddle the 
>> DNS server. I already have a hosts file generated when I update my 
>> dns server records so this is ready to go if it will work...
>>
>>
>> All feedback welcome.
>>
>> -h
>>
>
>

More information about the syslog-ng mailing list